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Amendments to the Claims: 

Claims Listing 

1 . (Currently Amended) A computer-implemented method of operating a 
reference monitor simulator to recreate operations performed by a reference monitor 
on a computer system, the method comprising: 

{A) defining at least one security rule specifying whether to allow or deny a 
request to access at least one resource; 

(B) supplying at least one request to access a resource; 

(G) applying the at least one security rule in response to the at least one 
request to access a resource to determine whether to allow or pr e v e nt the at least 
one request and to control whether access is granted to the resource ; and 

controlling the reference monitor simulator to operate at an accelerated rate 
as compared to an actual reference monitor by providing at least one parameter that 
defines a system environment in which the reference monitor simulator executes, 

where the at least one parameter includes a time parameter that , where th e 
t i me param e t e r controls one or more of, eliminating a time gap between trace 
requests, indicating that a time period between portions of a trace request has 
elapsed, and running a system clock faster than real-time,. 

the method being run, at least in part, as an event-driven kernel process . 

2. -5. (Canceled) 

6. (Currently Amended) The method of claim 1 , furth e r comprising: 

(D) assessing the effectiveness of the at least one security rule. 
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7. (Currently Amended) The method of claim 6, wherein assessing the 
effectiveness of the security rule f u rther comprises determining at least one of A the 
number of improper access requests prevented., and the number of proper access 
requests allowed. 

8. (Currently Amended) The method of claim 6, wherein assessing the 
effectiveness of the security rule further comprises determining a rate of improper 
requests prevented. 

9. (Currently Amended) The method of claim 1 , where in (8) furth e r providing at 
least one request to access a resource comprises an application program supplying 
the at least one request to access a resource. 

1 0. (Currently Amended) The method of claim 1 , where in (8) further supplying at 
least one request to access a resource comprises capturing at least one request to 
access a resource before supplying the at least one request to access a resource. 

1 1 . (Currently Amended) The method of claim 10, wherein a reference monitor 
performs the capture of the at least one request to access a resource. 

12. (Currently Amended) The method of claim 1 1 , wherem the reference monitor 
that which performs the capture of the at least one request to access a resource is 
the same type of reference monitor as the reference monitor whose operations are 
recreated by the reference monitor simulator. 

13. (Currently Amended) The method of claim 10, wherein the captured at least 
one request to access a resource is an improper request. 
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14. (Currently Amended) The method of claim 13, wherein an improper request 
comprises a request issued by an application in response to one of, a virus ± and a 
buffer overrun attack. 

15. (Currently Amended) The method of claim 10, wherein the captured at least 
one request is modified prior to supplying the at least one request to access a 
resource. 

16. (Currently Amended) The method of claim 15, wherein the modification is 
performed by a user. 

17. (Currently Amended) The method of claim 6, wherein an electronic file system 
stores the at least one security rule, and 

where in (D) furth e r assessing the effectiveness of the at least one security 
rule comprises the reference monitor simulator accessing the security rule in the 
electronic file system in response to receiving the at least one request to access a 
resource. 

1 8. (Currently Amended) The method of claim 1 , wherein the at least one 
parameter provided to the reference monitor simulator further i ncludes comprises at 
least one of a system clock, a wrapper function, and a timer event. 

1 9. (Currently Amended) The method of claim 1 , further comprising: 

(E) maintaining statistics on the operation of the reference monitor 
simulator. 
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20. (Currently Amended) The method of claim 19, wherem the statistics include at 
least one of x the number of requests per resource, number of total requests, type of 
request per resource, total of each type of request, number of queries, number of 
callbacks, number of requests allowed compared to number of requests expected, 
and number of requests prevented compared to number of prevented requests 
expected. 

21. -40. (Cancelled) 

41 . (Currently Amended) A system for providing a reference monitor simulator for 
simulating the operations performed by a reference monitor, the system comprising: 
a definer component to define at least one security rule specifying whether to 
allow or deny a request to access at least one resource under a given set of 
circumstances; 

a supplier component to supply at least one request to access a resource; 

and 

an applier component to apply the at least one security rule in response to the 
at least one request to access a resource to determine whether to allow or prevent 
the at least one request; and 

a control component to control the reference monitor simulator to operate at 
an accelerated rate as compared to an actual reference monitor by providing at least 
one parameter that defines a system environment in which the reference monitor 
simulator executes, 

where the at least one parameter includes a time parameter , where the time 
parameter that controls one or more of, eliminating a time gap between trace 
requests, indicating that a time period between portions of a trace request has 
elapsed, and running a system clock faster than real-time^ 
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where the applier component and control component operate, at least in part, 
at the kernel level, and where the system is event-driven . 

42.-45. (Canceled) 

46. (Currently Amended) The system of claim 41 , further comprising an assessor 
component to assess the effectiveness of the at least one security rule. 

47. (Currently Amended) The system of claim 46, wherein assessing the 
effectiveness of the security rule further comprises determining at least one of,, the 
number of improper access requests prevented., and the number of proper access 
requests allowed. 

48. (Currently Amended) The system of claim 46, wherein assessing the 
effectiveness of the security rule further comprises determining a rate of improper 
requests prevented. 

49. (Currently Amended) The system of claim 41 , further comprising an 
application program to supply the supplier component with the at least one request 
to access a resource. 

50. (Currently Amended) The system of claim 41 , further comprising a capture 
component to capture at least one request to access a resource before supplying 
the at least one request to access a resource. 

51 . (Currently Amended) The system of claim 50, wherein the capture component 
includes a second reference monitor. 
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52. (Currently Amended) The system of claim 51 , wherem the second reference 
monitor is a same type of reference monitor as the reference monitor whose 
operations are recreated by the reference monitor simulator. 

53. (Currently Amended) The system of claim 50, wherem the capture component 
captures at least one improper request to access a resource wh i ch i s an improper 
r e quest . 

54. (Currently Amended) The system of claim 53, wherem an improper request 
comprises a request issued by an application in response to one of A a virus A and a 
buffer overrun attack. 

55. (Currently Amended) The system of claim 50, further comprising a 
modification component to modify at least one captured request prior to supplying 
the at least one request to access a resource. 

56. (Currently Amended) The system of claim 55, wherein the modification 
component takes input from a user. 

57. (Currently Amended) The system of claim 41 , further comprising an electronic 
file system that which stores the at least one security rule, and where the applier 
component accesses the security rule in the electronic file system in response to 
receiving at least one request to access a resource. 
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58. (Currently Amended) The system of claim 41 , wherein the provider 
component provides at least one parameter to the reference monitor simulator which 
includes at least one of a system clock, a wrapper function, and a timer event. 

59. (Currently Amended) The system of claim 41 , further comprising: 

(E)- a statistics component to maintain statistics on the operation of the 
reference monitor simulator. 

60. (Currently Amended) The system of claim 59, wherein the statistics 
component maintains statistics that which include at least one of x the number of 
requests per resource, number of total requests, type of request per resource, total 
of each type of request, number of queries, number of callbacks, number of requests 
allowed compared to number of requests expected, and number of requests 
prevented compared to number of prevented requests expected. 

61. -98. (Canceled) 
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